Page 1 of 1

Can't access roles with password

PostPosted: Wed Sep 07, 2005 3:05 pm
by skylendar
According to the doc, you should be able to create specific roles with or without password.

Here is an erxample contained in my /etc/grsec/policy file.

role xyz sN
subject / rvka
/ rwcdmlxi

role abc sA
subject / rvka
/ rwcdmlxi

Then, I run gradm -E.

So far, so good...

But when I try to access the role xyz, with gradm -n xyz, the system returns : Invalid password !

Same thing with abc, even if I set a password to abc with gradm -P abc.
gradm -a abc asks for my password, and returns invalid password even if the passwd is the same as entered before, of course.

But, I can login as the admin role with the correct passwd.

What's wrong ?

and a last question: how to configure grsecurity so that I can use a PAM protected role. It is not specified in the doc.

PostPosted: Sun Sep 11, 2005 10:22 am
by spender
you need to add a role_transitions line, that grants you privilege to change to the no-auth role. So, in role abc, you would need:

role_transitions xyz

As for the PAM authentication, just add "P" to the role mode (for a special role requiring authentication). That's all.

-Brad